Browse Prior Art Database

Security Framework for Provider-Provisioned Virtual Private Networks (PPVPNs) (RFC4111)

IP.com Disclosure Number: IPCOM000126389D
Original Publication Date: 2005-Jul-01
Included in the Prior Art Database: 2005-Jul-14

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

Ed.: AUTHOR [+2]

Abstract

This document addresses security aspects pertaining to Provider- Provisioned Virtual Private Networks (PPVPNs). First, it describes the security threats in the context of PPVPNs and defensive techniques to combat those threats. It considers security issues deriving both from malicious behavior of anyone and from negligent or incorrect behavior of the providers. It also describes how these security attacks should be detected and reported. It then discusses possible user requirements for security of a PPVPN service. These user requirements translate into corresponding provider requirements. In addition, the provider may have additional requirements to make its network infrastructure secure to a level that can meet the PPVPN customer's expectations. Finally, this document defines a template that may be used to describe and analyze the security characteristics of a specific PPVPN technology.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                       L. Fang, Ed.
Request for Comments: 4111                                    AT&T Labs.
Category: Informational                                        July 2005


                        Security Framework for
         Provider-Provisioned Virtual Private Networks (PPVPNs)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document addresses security aspects pertaining to Provider-
   Provisioned Virtual Private Networks (PPVPNs).  First, it describes
   the security threats in the context of PPVPNs and defensive
   techniques to combat those threats.  It considers security issues
   deriving both from malicious behavior of anyone and from negligent or
   incorrect behavior of the providers.  It also describes how these
   security attacks should be detected and reported.  It then discusses
   possible user requirements for security of a PPVPN service.  These
   user requirements translate into corresponding provider requirements.
   In addition, the provider may have additional requirements to make
   its network infrastructure secure to a level that can meet the PPVPN
   customer's expectations.  Finally, this document defines a template
   that may be used to describe and analyze the security characteristics
   of a specific PPVPN technology.

Table of Contents

   1.  Introduction .................................................  2
   2.  Terminology ..................................................  4
   3.  Security Reference Model .....................................  4
   4.  Security Threats .............................................  6
       4.1.  Attacks on the Data Plane ..............................  7
       4.2.  Attacks on the Control Plane ...........................  9
   5.  Defensive Techniques for PPVPN Service Providers ............. 11
       5.1.  Cryptographic Techniques ............................... 12
       5.2.  Authentication ......................................... 20
       5.3.  Access Control Techniques .............................. 22
       5.4.  Use of Isolated Infrastructure ......................... 27

Fang                         Informational                      [Page 1]
RFC 4111                PPVPN Security Framework               July 2005


       5.5.  Use of Aggregated Infrastructure ....................... 27
       5.6.  Service Provider Quality Control Processes ............. 28
     ...